Cyber attacks are rarely out of the headlines. We know that state actors, terrorists and criminals can take advantage of cyber means to target the digital infrastructures of our societies. We have also learned that as our societies become more dependent on digital technologies, they become more vulnerable to cyber attacks.
Examples are not lacking, from the 2007 attacks on digital services in Estonia and the 2008 cyberattack on a nuclear power plant in Georgia to WannaCry and NotPetya, two ransomware attacks that encrypted data and demanded ransom payments, and the cyberattack from ransomware on the US Colonial Pipeline, a US pipeline system that supplies fuel to states in the South East.
When analyzing the ethical and legal implications of cyber attacks, it is crucial to distinguish the actors involved, since the permissibility of certain actions also depends on the actors involved.
My work focuses primarily on state-on-state cyberattacks. One of the most recent examples of such attacks were those launched against Ukrainian military forces and attributed to UNC1151, a Belarusian military unit, prior to the Russian invasion of Ukraine.
Observers watched the Russian invasion and expected cyber to be a key element. Many feared a “cyber-Pearl Harbor”, that is, a massive cyberattack that would have a disproportionately destructive result and lead to an escalation of the conflict.
So far, the invasion of Ukraine has proven highly destructive and disproportionate, but cyber has played little, if any, role in delivering these results. Does this mean that a Cyber-Pearl Harbor will never happen? More importantly, does this mean that cyber attacks are a secondary capability in warfare and that we can continue to leave their use unregulated?
The short answer to both questions is no, but there are nuances. So far, cyber attacks have not been used to cause massive destruction; a cyber Pearl Harbor, as some commentators argued in the early 2000s. The lack of the cyber element in Ukraine is not surprising, given how violent and destructive the Russian invasion has been. Cyber attacks are disruptive rather than destructive. They’re not worth throwing when actors are aiming for massive kinetic damage. Such destruction is most effectively achieved by conventional means.
However, cyber-attacks are neither victimless nor harmless and can cause disproportionate and unwanted damage that can have serious negative consequences for individuals and our societies in general. For this reason, we need proper regulations to report state use of these attacks.
For many years, the international debate on this issue has been driven by a myopic approach. The reason was to regulate interstate cyberattacks to the extent that they have results similar to those of a (conventional) armed attack. As a result, most interstate cyberattacks have gone unregulated.
This is the failure of what I called the “analog approach” to the regulation of cyber warfare, which aims to regulate cyber warfare only to the extent that it resembles kinetic warfare, that is, if it leads to destruction, bloodshed and casualties. Indeed, it fails to capture the novelty of the cyber attack, which is disruptive rather than destructive, and the seriousness of the threats they pose to a digital society. The basis of this approach is the lack of recognition of the ethical, cultural, economic and infrastructural value that digital assets have for our digital societies.
It is reassuring that, after the failure of 2017, in 2021, the UN Group of Governmental Experts on Promoting Responsible State Behavior in Cyberspace in the Context of International Security may agree that interstate cyberattacks should be regulated accordingly. with the principles of international law. Humanitarian Law (DIH).
Although this is going in the right direction, it is only a first step, and a long overdue one. Indeed, the principles of IHL and the ethical principles of just war theory remain valid when considering cyber warfare. We need interstate cyberattacks to be proportionate, necessary, and distinguish combatants from noncombatants. However, the implementation of such principles is problematic in the context of cybernetics; for example, we lack a clear threshold for proportionate and disproportionate attacks, and criteria for assessing damage to intangible assets. We also lack rules to consider issues related to sovereignty and due diligence.
Philosophical and ethical analyzes are needed to bridge this gap and understand the nature of a war that separates aggression from violence, that targets non-physical objects, and yet can cripple our societies. At the same time, we must ensure that, as more defense institutions see digital technologies as a critical asset in maintaining superiority over opponents, they invest in, develop and use these capabilities in accordance with the values that underpin democratic societies. and to maintain international stability.
As digital technology continues to be integrated into defense capabilities, see, for example, artificial intelligence (AI), more conceptual and ethical questions arise regarding its governance. To this end, it is important that defense institutions identify and address the ethical risks and opportunities that these technologies generate and work to mitigate the former and take advantage of the latter.
Yesterday, the UK Ministry of Defense issued a policy document: Ambitious, Secure, Responsible: Our Response to AI-Enabled Capability Delivery in Defense, which contains an appendix with the Ethical Principles for the Use of AI in Defense. It is a step in the right direction. The principles are broad and more work is needed to implement them in specific defense contexts. However, they mark an important milestone, as they show the Ministry of Defense’s commitment to focus on the ethical implications of the use of AI and address them in a manner consistent with the values of democratic societies.
These principles come two years after those published by the US Defense Innovation Board. Between the two sets of principles, there are some convergences that may hint at the emergence of a shared vision among allies on how to use AI and, more broadly, digital capabilities for defense. My hope is that these principles can be the seeds for developing a shared framework for the ethical governance of the use of digital technologies for defense purposes.
Cyber attacks could endanger the world’s food supply
Floridi, L., & Taddeo, M. (Eds.), The ethics of information warfare. (2014). springer publications
Mariarosaria Taddeo, Just Information War, topoi (2014). DOI: 10.1007/s11245-014-9245-8
Mariarosaria Taddeo et al, Regulating artificial intelligence to prevent the cyber arms race, Nature (2018). DOI: 10.1038/d41586-018-04602-6
Mariarosaria Taddeo et al, Ethical Principles for Artificial Intelligence in National Defense, Philosophy and Technology (2021). DOI: 10.1007/s13347-021-00482-3
Citation: Why We Need the Philosophy and Ethics of Cyber Warfare (2022, June 16) Retrieved June 16, 2022 from https://techxplore.com/news/2022-06-philosophy-ethics-cyber-warfare. html
This document is subject to copyright. Other than any fair dealing for private study or research purposes, no part may be reproduced without written permission. The content is provided for informational purposes only.